selinux-python: Update to 3.5, reorganize package

* Added packages:

  * python3-seobject

    Contains the seobject.py library file which was previously included
    in selinux-semanage

  * selinux-sepolicy

    Contains the sepolicy and sepolgen tools which were previously
    included in python3-sepolicy

  * selinux-sepolgen-ifgen

    Contains the sepolgen-ifgen tool which was previously included in
    selinux-audit2allow

  * selinux-python

    A meta-package to install all tools

* Change the python3-sepolgen data_dir from /usr/share/sepolgen to
  /etc/sepolgen (updated 0001-sepolgen-adjust-data_dir.patch), and add
  the directory to conffiles

  By default, the sepolgen-ifgen tool writes to a file named
  "interface_info" in the data directory, to be read by the audit2allow
  tool. The header comment in the perm_map file also suggests that the
  file is customizable.

  The best place for these files would be in /var/lib, but /etc is more
  appropriate than /usr.

* Remove gui files from python3-sepolicy (0003-sepolicy-no-gui.patch)

* Fix ModuleNotFoundError raised by sepolicy
  (0004-sepolicy-fix-get_os_version-except.patch)

  Patch has been submitted upstream:
  https://lore.kernel.org/selinux/20230619063217.3165462-1-jeffery.to@gmail.com/

* Update package titles, descriptions, and dependencies

* Use Py3Package to build Python bytecode and source packages

Signed-off-by: Jeffery To <jeffery.to@gmail.com>

diff --git a/utils/selinux-python/Makefile b/utils/selinux-python/Makefile
index 20d6b110662303d3445a094efaac1e2c93d87c64..ababbae95e45ae8eebc4ef9f7affc7ff9a4818d5 100644 (file)
--- a/utils/selinux-python/Makefile
+++ b/utils/selinux-python/Makefile
@@ -6,18 +6,20 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=selinux-python
-PKG_VERSION:=3.2
-PKG_RELEASE:=3
+PKG_VERSION:=3.5
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION)
-PKG_HASH:=770855ea8120ef23007fdb9db94b1ed6e8cd77917b584ed8877bbee9c16e74fb
+PKG_HASH:=8245bb4dae59333461f19ca0c79a829081f07972fa5e3ad4c2b2b917dd71d96b
 
 PKG_MAINTAINER:=Thomas Petazzoni <thomas.petazzoni@bootlin.com>
 PKG_LICENSE:=GPL-2.0-only
-PKG_LICENSE_FILES:=COPYING
-PYTHON3_PKG_BUILD:=0
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_BUILD_PARALLEL:=1
 PKG_INSTALL:=1
+PYTHON3_PKG_BUILD:=0
 
 include $(INCLUDE_DIR)/package.mk
 include ../../lang/python/python3-package.mk
@@ -28,7 +30,7 @@ include ../../lang/python/python3-package.mk
 
 define Package/selinux-python/Default
   URL:=http://selinuxproject.org/page/Main_Page
-  DEPENDS:=+python3
+  DEPENDS:=+python3-light
 endef
 
 define Package/selinux-python/Default/python
@@ -36,48 +38,78 @@ $(call Package/selinux-python/Default)
   SUBMENU:=Python
   SECTION:=lang
   CATEGORY:=Languages
-  DEPENDS:=
 endef
 
 define Package/selinux-python/Default/util
 $(call Package/selinux-python/Default)
   SECTION:=utils
   CATEGORY:=Utilities
+  TITLE:=SELinux management utility
 endef
 
 define Package/selinux-python/Default/description
-       A set of SELinux tools written in python that help with
-       managing a system with SELinux enabled.
+A set of SELinux tools written in Python that help with managing a
+system with SELinux enabled.
 endef
 
 MAKE_VARS = \
-       PYTHON=$(HOST_PYTHON3_BIN) \
-       PYTHONLIBDIR=$(PYTHON3_PKG_DIR) \
-       $(PYTHON3_VARS)
+       $(PYTHON3_VARS) \
+       $(HOST_PYTHON3_PIP_VARS) \
+       PYTHON_SETUP_ARGS=--no-compile
 
 define Build/Compile
        $(call Build/Compile/Default,all)
 endef
 
+#
+# python3-seobject
+#
+
+define Package/python3-seobject
+$(call Package/selinux-python/Default/python)
+  TITLE:=SELinux seobject library
+  DEPENDS+= +python3-selinux +python3-semanage +python3-sepolicy +python3-setools
+endef
+
+define Package/python3-seobject/description
+$(call Package/selinux-python/Default/description)
+
+This package contains the seobject library.
+endef
+
+define Py3Package/python3-seobject/filespec
++|$(PYTHON3_PKG_DIR)/seobject.py
+endef
+
+Py3Package/python3-seobject/install:=:
+
 #
 # python3-sepolgen
 #
 
 define Package/python3-sepolgen
 $(call Package/selinux-python/Default/python)
-  TITLE:=python3-sepolgen
+  TITLE:=SELinux policy generation library
+  DEPENDS+= +python3-selinux
 endef
 
 define Package/python3-sepolgen/description
 $(call Package/selinux-python/Default/description)
-  This package contains the sepolgen Python library.
+
+This package contains the SELinux policy generation Python library.
+endef
+
+define Package/python3-sepolgen/conffiles
+/etc/sepolgen/
+endef
+
+define Py3Package/python3-sepolgen/filespec
++|$(PYTHON3_PKG_DIR)/sepolgen
 endef
 
-define Package/python3-sepolgen/install
-       $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/sepolgen DESTDIR=$(1) install
-       $(INSTALL_DIR) $(1)/usr/share/sepolgen/
-       $(INSTALL_DATA) $(1)/var/lib/sepolgen/perm_map $(1)/usr/share/sepolgen/perm_map
-       $(RM) -rf $(1)/var
+define Py3Package/python3-sepolgen/install
+       $(INSTALL_DIR) $(1)/etc/sepolgen
+       $(INSTALL_DATA) $(PKG_INSTALL_DIR)/var/lib/sepolgen/perm_map $(1)/etc/sepolgen/
 endef
 
 #
@@ -86,37 +118,45 @@ endef
 
 define Package/python3-sepolicy
 $(call Package/selinux-python/Default/python)
-  TITLE:=python3-sepolicy
+  TITLE:=SELinux Policy Analyses binding
+  DEPENDS+= +python3-selinux +python3-sepolgen +python3-xml +python3-setools
 endef
 
 define Package/python3-sepolicy/description
 $(call Package/selinux-python/Default/description)
-  This package contains the sepolicy Python library.
+
+This package contains a Python binding for SELinux Policy Analyses.
 endef
 
-define Package/python3-sepolicy/install
-       $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/sepolicy DESTDIR=$(1) install
-       rm -rf $(1)/usr/share
+define Py3Package/python3-sepolicy/filespec
++|$(PYTHON3_PKG_DIR)/sepolicy
+-|$(PYTHON3_PKG_DIR)/sepolicy/gui.py
+-|$(PYTHON3_PKG_DIR)/sepolicy/sedbus.py
++|$(PYTHON3_PKG_DIR)/sepolicy-$(PKG_VERSION).dist-info
 endef
 
+Py3Package/python3-sepolicy/install:=:
+
 #
 # selinux-audit2allow
 #
 
 define Package/selinux-audit2allow
 $(call Package/selinux-python/Default/util)
-  TITLE:=selinux-audit2allow
-  DEPENDS+= +python3-selinux +python3-sepolgen +libselinux +libsepol
+  TITLE+= audit2allow
+  DEPENDS+= +python3-selinux +python3-sepolgen
 endef
 
 define Package/selinux-audit2allow/description
 $(call Package/selinux-python/Default/description)
-  This package contains the audit2allow and audit2why tools.
+
+This package contains the audit2allow and audit2why tools.
 endef
 
 define Package/selinux-audit2allow/install
-       $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/audit2allow DESTDIR=$(1) install
-       rm -rf $(1)/usr/share/man
+       $(INSTALL_DIR) $(1)/usr/bin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/audit2allow $(1)/usr/bin/
+       $(LN) audit2allow $(1)/usr/bin/audit2why
 endef
 
 #
@@ -125,42 +165,125 @@ endef
 
 define Package/selinux-chcat
 $(call Package/selinux-python/Default/util)
-  TITLE:=selinux-chcat
-  DEPENDS+= +python3-selinux
+  TITLE+= chcat
+  DEPENDS+= +python3-selinux +python3-seobject +selinux-semanage
 endef
 
 define Package/selinux-chcat/description
 $(call Package/selinux-python/Default/description)
-  This package contains the chcat tool.
+
+This package contains the chcat tool.
 endef
 
 define Package/selinux-chcat/install
-       $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/chcat DESTDIR=$(1) install
-       rm -rf $(1)/usr/share
+       $(INSTALL_DIR) $(1)/usr/bin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/chcat $(1)/usr/bin/
+endef
+
+#
+# selinux-python
+#
+
+define Package/selinux-python
+$(call Package/selinux-python/Default/util)
+  TITLE+= meta-package
+  DEPENDS:= \
+    +selinux-audit2allow \
+    +selinux-chcat \
+    +selinux-semanage \
+    +selinux-sepolgen-ifgen \
+    +selinux-sepolicy
 endef
 
+define Package/selinux-python/description
+$(call Package/selinux-python/Default/description)
+
+This is a meta-package that installs all of the SELinux management
+utilities.
+endef
+
+Package/selinux-python/install:=:
+
 #
 # selinux-semanage
 #
 
 define Package/selinux-semanage
 $(call Package/selinux-python/Default/util)
-  TITLE:=selinux-semanage
-  DEPENDS+= +python3-selinux +python3-sepolicy +python3-semanage +setools
+  TITLE+= semanage
+  DEPENDS+= +python3-seobject
 endef
 
 define Package/selinux-semanage/description
 $(call Package/selinux-python/Default/description)
-  This package contains the semanage tool.
+
+This package contains the semanage tool.
 endef
 
 define Package/selinux-semanage/install
-       $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/semanage DESTDIR=$(1) install
-       rm -rf $(1)/usr/share
+       $(INSTALL_DIR) $(1)/usr/sbin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/semanage $(1)/usr/sbin/
 endef
 
+#
+# selinux-sepolgen-ifgen
+#
+
+define Package/selinux-sepolgen-ifgen
+$(call Package/selinux-python/Default/util)
+  TITLE+= sepolgen-ifgen
+  DEPENDS+= +python3-selinux +python3-sepolgen +libselinux
+endef
+
+define Package/selinux-sepolgen-iften/description
+$(call Package/selinux-python/Default/description)
+
+This package contains the sepolgen-ifgen tool.
+endef
+
+define Package/selinux-sepolgen-ifgen/install
+       $(INSTALL_DIR) $(1)/usr/bin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sepolgen-ifgen $(1)/usr/bin/
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sepolgen-ifgen-attr-helper $(1)/usr/bin/
+endef
+
+#
+# selinux-sepolicy
+#
+
+define Package/selinux-sepolicy
+$(call Package/selinux-python/Default/util)
+  TITLE+= sepolicy
+  DEPENDS+= +python3-multiprocessing +python3-selinux +python3-sepolicy
+endef
+
+define Package/selinux-sepolicy/description
+$(call Package/selinux-python/Default/description)
+
+This package contains the sepolicy and sepolgen tools.
+endef
+
+define Package/selinux-sepolicy/install
+       $(INSTALL_DIR) $(1)/usr/bin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sepolicy $(1)/usr/bin/
+       $(LN) sepolicy $(1)/usr/bin/sepolgen
+endef
+
+$(eval $(call Py3Package,python3-seobject))
+$(eval $(call Py3Package,python3-sepolgen))
+$(eval $(call Py3Package,python3-sepolicy))
+
+$(eval $(call BuildPackage,python3-seobject))
 $(eval $(call BuildPackage,python3-sepolgen))
 $(eval $(call BuildPackage,python3-sepolicy))
+
+$(eval $(call BuildPackage,python3-seobject-src))
+$(eval $(call BuildPackage,python3-sepolgen-src))
+$(eval $(call BuildPackage,python3-sepolicy-src))
+
 $(eval $(call BuildPackage,selinux-audit2allow))
 $(eval $(call BuildPackage,selinux-chcat))
+$(eval $(call BuildPackage,selinux-python))
 $(eval $(call BuildPackage,selinux-semanage))
+$(eval $(call BuildPackage,selinux-sepolgen-ifgen))
+$(eval $(call BuildPackage,selinux-sepolicy))

diff --git a/utils/selinux-python/patches/0001-sepolgen-adjust-data_dir.patch b/utils/selinux-python/patches/0001-sepolgen-adjust-data_dir.patch
index 2589f2f9910560c6c9e9f688b04f2396bb097e84..5b866f19979942e49ed09873b568ece7140739d3 100644 (file)
--- a/utils/selinux-python/patches/0001-sepolgen-adjust-data_dir.patch
+++ b/utils/selinux-python/patches/0001-sepolgen-adjust-data_dir.patch
@@ -4,6 +4,8 @@ Date: Wed, 2 Oct 2019 12:04:24 +0200
 Subject: [PATCH] sepolgen: adjust data_dir()
 
 Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+(changed data_dir prefix from /usr/share to /etc)
+Signed-off-by: Jeffery To <jeffery.to@gmail.com>
 ---
  sepolgen/src/sepolgen/defaults.py | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
@@ -15,7 +17,7 @@ Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  
  def data_dir():
 -    return "/var/lib/sepolgen"
-+    return "/usr/share/sepolgen"
++    return "/etc/sepolgen"
  
  def perm_map():
      return data_dir() + "/perm_map"

diff --git a/utils/selinux-python/patches/0003-sepolicy-no-gui.patch b/utils/selinux-python/patches/0003-sepolicy-no-gui.patch
new file mode 100644 (file)
index 0000000..a822d4c
--- /dev/null
+++ b/utils/selinux-python/patches/0003-sepolicy-no-gui.patch
@@ -0,0 +1,23 @@
+--- a/sepolicy/sepolicy.py
++++ b/sepolicy/sepolicy.py
+@@ -685,7 +685,6 @@ if __name__ == '__main__':
+     gen_booleans_args(subparsers)
+     gen_communicate_args(subparsers)
+     gen_generate_args(subparsers)
+-    gen_gui_args(subparsers)
+     gen_interface_args(subparsers)
+     gen_manpage_args(subparsers)
+     gen_network_args(subparsers)
+--- a/sepolicy/setup.py
++++ b/sepolicy/setup.py
+@@ -13,10 +13,5 @@ setup(
+     packages=[
+         "sepolicy",
+         "sepolicy.templates",
+-        "sepolicy.help"
+     ],
+-    package_data={
+-        'sepolicy': ['*.glade'],
+-        'sepolicy.help': ['*.txt', '*.png']
+-    }
+ )

diff --git a/utils/selinux-python/patches/0004-sepolicy-fix-get_os_version-except.patch b/utils/selinux-python/patches/0004-sepolicy-fix-get_os_version-except.patch
new file mode 100644 (file)
index 0000000..f035846
--- /dev/null
+++ b/utils/selinux-python/patches/0004-sepolicy-fix-get_os_version-except.patch
@@ -0,0 +1,39 @@
+commit 80ba6c49dec9c2c48775e70a4d4564ba5e59eea1
+Author: Jeffery To <jeffery.to@gmail.com>
+Date:   Mon Jun 19 14:15:45 2023 +0800
+
+    python/sepolicy: Fix get_os_version except clause
+    
+    This adds more exceptions to be handled by the except clause in
+    `get_os_version()`:
+    
+    * If the `distro` package is not installed, then `import distro` raises
+      a `ModuleNotFoundError` exception.
+    
+    * The distro documentation[1] lists `OSError` and `UnicodeError` as
+      exceptions that can be raised.
+    
+    * Older versions of distro (<= 1.6.0) may also raise
+      `subprocessCalledProcessError`[2].
+    
+    [1]: https://github.com/python-distro/distro/blob/v1.8.0/src/distro/distro.py#L749-L753
+    [2]: https://github.com/python-distro/distro/blob/v1.6.0/distro.py#L726-L728
+    
+    Signed-off-by: Jeffery To <jeffery.to@gmail.com>
+
+--- a/sepolicy/sepolicy/__init__.py
++++ b/sepolicy/sepolicy/__init__.py
+@@ -1240,11 +1240,12 @@ def boolean_desc(boolean):
+ 
+ 
+ def get_os_version():
++    import subprocess
+     system_release = ""
+     try:
+         import distro
+         system_release = distro.name(pretty=True)
+-    except IOError:
++    except (ModuleNotFoundError, OSError, IOError, UnicodeError, subprocess.CalledProcessError):
+         system_release = "Misc"
+ 
+     return system_release

diff --git a/utils/selinux-python/patches/0005-no-translations.patch b/utils/selinux-python/patches/0005-no-translations.patch
new file mode 100644 (file)
index 0000000..9b1cb8c
--- /dev/null
+++ b/utils/selinux-python/patches/0005-no-translations.patch
@@ -0,0 +1,8 @@
+--- a/Makefile
++++ b/Makefile
+@@ -1,4 +1,4 @@
+-SUBDIRS = sepolicy audit2allow semanage sepolgen chcat po
++SUBDIRS = sepolicy audit2allow semanage sepolgen chcat
+ 
+ all install relabel clean indent test:
+       @for subdir in $(SUBDIRS); do \